1X Technologies AS
Product Security Engineer, Cryptography & PKI
1X Technologies AS, Palo Alto, California, United States, 94306
About 1X
We’re an AI and robotics company based in Palo Alto, California, on a mission to build a truly abundant society through general‑purpose robots capable of performing any kind of work autonomously. We believe that to truly understand the world and grow in intelligence, humanoid robots must live and learn alongside us. That’s why we’re focused on developing friendly home robots designed to integrate seamlessly into everyday life. We’re looking for curious, driven, and passionate people who want to help shape the future of robotics and AI. If this mission excites you, we’d be thrilled to hear from you and explore how you might contribute to our journey. Role Overview
As a Product Security Engineer specializing in cryptography and PKI, you will be responsible for designing, implementing, and scaling cryptographic infrastructure that underpins the security of our firmware, devices, and communications. You will drive work from root‑of‑trust with hardware security modules (HSMs), build secure pipelines for firmware and certificate management, and collaborate across teams to embed best practices in secure device provisioning, attestation, and lifecycle management. Your impact will help ensure the integrity and trustworthiness of our robot fleet at scale. Responsibilities
Design and manage end‑to‑end cryptographic services, including public key infrastructure (PKI) and key lifecycle management
Establish HSM infrastructure as the root‑of‑trust for firmware signing and IoT endpoint authentication
Lead evaluation, procurement, installation, configuration, and integration of HSM vendor solutions
Architect key management systems that scale from hundreds of devices today to millions over time
Design remote device attestation mechanisms (e.g. fTPM, OP‑TEE, or equivalent) tied to the HSM root‑of‑trust
Build and automate secure firmware/bootloader signing pipelines
Define trust infrastructure and policies for author key generation, provisioning, rotation, and destruction
Secure build/artifact pipelines and code‑signing workflows
Develop factory provisioning architecture for mass key/certificate distribution
Support the development of secure communication protocols
Collaborate closely with Product Security, Cloud Infrastructure, Device Engineering, and SecOps teams as an individual contributor
Qualifications (Experience)
Strong experience with cryptography, PKI design, and key management
Experience working with hardware security modules (HSMs), including vendor selection, integration, and root‑of‑trust establishment
Familiarity with remote device attestation frameworks (such as fTPM, OP‑TEE, or similar)
Demonstrated ability to design and scale secure firmware signing and code signing pipelines
Proven track record in defining and enforcing trust policies (key generation, rotation, destruction) and provisioning mechanisms
Experience securing build/artifact pipelines and developing secure communication protocols
Ability to work cross‑functionally with hardware, software, security operations, and infrastructure teams
High attention to detail, strong problem solving, with a mindset of anticipating vulnerabilities and designing defendable systems
Nice to Have
Vendor-specific HSM credentials or labs (Thales, Utimaco, AWS CloudHSM)
NVIDIA Orin or similar SoC platform experience
Background in post-quantum crypto evaluation and migration planning
Familiarity with large-scale factory provisioning tools (KMIP gateways, ACME/SCEP)
ProdSec/supply-chain security expertise (SBOMs, CI/CD hardening)
Experience in C/C++/Rust/GoLang (in addition to Python / Bash)
GoLang preferred
Additional security certifications
#J-18808-Ljbffr
We’re an AI and robotics company based in Palo Alto, California, on a mission to build a truly abundant society through general‑purpose robots capable of performing any kind of work autonomously. We believe that to truly understand the world and grow in intelligence, humanoid robots must live and learn alongside us. That’s why we’re focused on developing friendly home robots designed to integrate seamlessly into everyday life. We’re looking for curious, driven, and passionate people who want to help shape the future of robotics and AI. If this mission excites you, we’d be thrilled to hear from you and explore how you might contribute to our journey. Role Overview
As a Product Security Engineer specializing in cryptography and PKI, you will be responsible for designing, implementing, and scaling cryptographic infrastructure that underpins the security of our firmware, devices, and communications. You will drive work from root‑of‑trust with hardware security modules (HSMs), build secure pipelines for firmware and certificate management, and collaborate across teams to embed best practices in secure device provisioning, attestation, and lifecycle management. Your impact will help ensure the integrity and trustworthiness of our robot fleet at scale. Responsibilities
Design and manage end‑to‑end cryptographic services, including public key infrastructure (PKI) and key lifecycle management
Establish HSM infrastructure as the root‑of‑trust for firmware signing and IoT endpoint authentication
Lead evaluation, procurement, installation, configuration, and integration of HSM vendor solutions
Architect key management systems that scale from hundreds of devices today to millions over time
Design remote device attestation mechanisms (e.g. fTPM, OP‑TEE, or equivalent) tied to the HSM root‑of‑trust
Build and automate secure firmware/bootloader signing pipelines
Define trust infrastructure and policies for author key generation, provisioning, rotation, and destruction
Secure build/artifact pipelines and code‑signing workflows
Develop factory provisioning architecture for mass key/certificate distribution
Support the development of secure communication protocols
Collaborate closely with Product Security, Cloud Infrastructure, Device Engineering, and SecOps teams as an individual contributor
Qualifications (Experience)
Strong experience with cryptography, PKI design, and key management
Experience working with hardware security modules (HSMs), including vendor selection, integration, and root‑of‑trust establishment
Familiarity with remote device attestation frameworks (such as fTPM, OP‑TEE, or similar)
Demonstrated ability to design and scale secure firmware signing and code signing pipelines
Proven track record in defining and enforcing trust policies (key generation, rotation, destruction) and provisioning mechanisms
Experience securing build/artifact pipelines and developing secure communication protocols
Ability to work cross‑functionally with hardware, software, security operations, and infrastructure teams
High attention to detail, strong problem solving, with a mindset of anticipating vulnerabilities and designing defendable systems
Nice to Have
Vendor-specific HSM credentials or labs (Thales, Utimaco, AWS CloudHSM)
NVIDIA Orin or similar SoC platform experience
Background in post-quantum crypto evaluation and migration planning
Familiarity with large-scale factory provisioning tools (KMIP gateways, ACME/SCEP)
ProdSec/supply-chain security expertise (SBOMs, CI/CD hardening)
Experience in C/C++/Rust/GoLang (in addition to Python / Bash)
GoLang preferred
Additional security certifications
#J-18808-Ljbffr